  1. Select Enable Vulnerability Protection.
  2. Configure intrusion prevention settings:
    1. Click the Intrusion Prevention Rules tab.
    2. Select one of the following modes:
      • Performance priority: Uses a subset of Intrusion Prevention Rules to ensure protection against known vulnerability issues

      • Security priority: Uses the full set of Intrusion Prevention Rules to protect against known vulnerability issues and provide enhanced protection against suspicious network activities

    3. (Optional) Select a view to filter the list of Intrusion Prevention Rules by status.

       View                        Description
       All                         Displays all Intrusion Prevention Rules
       Defined by mode (Enabled)   Displays only the Intrusion Prevention Rules that are enabled by the selected mode
       Defined by mode (Disabled)  Displays only the Intrusion Prevention Rules that are disabled by the selected mode
       Enabled                     Displays all enabled Intrusion Prevention Rules
       Disabled                    Displays all disabled Intrusion Prevention Rules

    4. Modify the status of a rule by selecting from the Status drop-down control.
      • Defined by mode (Enabled): The selected priority mode enables the corresponding rule by default. Select to apply the rule status defined by the priority mode.

      • Defined by mode (Disabled): The selected priority mode disables the corresponding rule by default. Select to apply the rule status defined by the priority mode.

      • Enabled: Select to enable the rule.

      • Disabled: Select to disable the rule.

  3. Configure network engine settings:
    1. Click the Network Engine Settings tab.
    2. Select the Network Engine detection mode.
      • Inline: Live packet streams pass directly through the Vulnerability Protection network engine. All rules are applied to the network traffic before the packets proceed up the protocol stack, so a rule that matches can drop the packet before it reaches the application.

      • Tap (Detect-only): Live packet streams are replicated and diverted from the main stream. Rules are applied to the copy, so matches are detected and logged but the original traffic is not blocked.

    3. Configure the following settings:

       Setting                   Description
       ESTABLISHED Timeout       How long to stay in the ESTABLISHED state before closing the connection.
       LAST_ACK Timeout          How long to stay in the LAST_ACK state before closing the connection.
       Cold Start Timeout        Amount of time to allow non-SYN packets that could belong to a connection that was established before the stateful mechanism was started.
       UDP Timeout               Maximum duration of a UDP connection.
       Maximum TCP Connections   Maximum simultaneous TCP connections.
       Maximum UDP Connections   Maximum simultaneous UDP connections.
       Ignore Status Code        Lets you ignore certain types of Events. You can specify up to three Events to ignore.
       Advanced Logging Policy   Select from the following settings:

         • Bypass: No filtering of Events. Overrides the Ignore Status Code settings (above) and other advanced settings, but does not override logging settings defined on the Apex One server.

         • Default: Uses Tap Mode if the engine is in Tap Mode, and Normal if the engine is in Inline Mode.

         • Normal: All Events are logged except dropped retransmits.

         • Backwards Compatibility Mode: For support use only.

         • Verbose Mode: Same as Normal but including dropped retransmits.

         • Stateful and Normalization Suppression: Ignores dropped retransmit, out of connection, invalid flags, invalid sequence, invalid ack, unsolicited UDP, unsolicited ICMP, and out of allowed policy Events.

         • Stateful, Normalization, and Frag Suppression: Ignores everything that Stateful and Normalization Suppression ignores, as well as Events related to fragmentation.

         • Stateful, Frag, and Verifier Suppression: Ignores everything that Stateful, Normalization, and Frag Suppression ignores, as well as verifier-related Events.

         • Tap Mode: Ignores dropped retransmit, out of connection, invalid flags, invalid sequence, invalid ack, max ack retransmit, and packet on closed connection Events.

       For a more comprehensive list of which Events are ignored for Stateful and Normalization Suppression; Stateful, Normalization, and Frag Suppression; Stateful, Frag, and Verifier Suppression; and Tap Mode, see Advanced Logging Policy Modes.

  4. Click Save to apply settings.
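The following is an added example, not code from the product or this documentation. It models how the Advanced Logging Policy, the engine detection mode, and the Ignore Status Code list described above combine to decide whether an Event is written to the log, so you can predict which Events a given configuration will silently drop. The suppression sets are taken from the list above; the Event-type names, the assumption that an Ignore Status Code entry matches an Event by its type name, and the `fragmentation` and `verifier` placeholders for "Events related to fragmentation" and "verifier-related Events" are this example's own simplifications. Backwards Compatibility Mode is not modeled because the page documents it as support-only.

```python
"""Model of the network engine's logging decision for a single Event.

Combines three settings from the Network Engine Settings tab:
  - Advanced Logging Policy (which Event types a policy suppresses)
  - Network Engine detection mode (Inline or Tap, used to resolve Default)
  - Ignore Status Code (up to three Event types to ignore)
"""

# Event types ignored by each policy, as listed in the documentation.
# The identifiers are this example's shorthand, not the agent's own names.
STATEFUL_NORMALIZATION = frozenset({
    "dropped_retransmit", "out_of_connection", "invalid_flags",
    "invalid_sequence", "invalid_ack", "unsolicited_udp",
    "unsolicited_icmp", "out_of_allowed_policy",
})
# "fragmentation" and "verifier" stand in for the fragmentation-related and
# verifier-related Event families the page refers to without enumerating.
STATEFUL_NORMALIZATION_FRAG = STATEFUL_NORMALIZATION | {"fragmentation"}
STATEFUL_FRAG_VERIFIER = STATEFUL_NORMALIZATION_FRAG | {"verifier"}
TAP_MODE = frozenset({
    "dropped_retransmit", "out_of_connection", "invalid_flags",
    "invalid_sequence", "invalid_ack", "max_ack_retransmit",
    "packet_on_closed_connection",
})

SUPPRESSED = {
    "bypass": frozenset(),                      # no filtering at all
    "normal": frozenset({"dropped_retransmit"}),  # everything except dropped retransmits
    "verbose": frozenset(),                     # Normal plus dropped retransmits
    "stateful_normalization": STATEFUL_NORMALIZATION,
    "stateful_normalization_frag": STATEFUL_NORMALIZATION_FRAG,
    "stateful_frag_verifier": STATEFUL_FRAG_VERIFIER,
    "tap": TAP_MODE,
}

MAX_IGNORE_STATUS_CODES = 3  # the UI accepts at most three entries


def resolve_policy(policy: str, engine_mode: str) -> str:
    """Turn the configured policy into the one actually applied.

    Default follows the detection mode: Tap Mode when the engine is in Tap
    mode, Normal when it is Inline. Every other policy applies as configured.
    """
    if engine_mode not in ("inline", "tap"):
        raise ValueError(f"unknown engine mode: {engine_mode}")
    if policy == "default":
        return "tap" if engine_mode == "tap" else "normal"
    if policy not in SUPPRESSED:
        raise ValueError(f"unknown or unmodeled policy: {policy}")
    return policy


def is_logged(event_type: str, policy: str, engine_mode: str,
              ignore_status_codes: tuple[str, ...] = ()) -> bool:
    """Return True if the engine would log this Event under these settings."""
    if len(ignore_status_codes) > MAX_IGNORE_STATUS_CODES:
        raise ValueError("Ignore Status Code accepts at most three Events")
    effective = resolve_policy(policy, engine_mode)
    # Bypass overrides Ignore Status Code and the other advanced settings.
    if effective == "bypass":
        return True
    # Assumption: an Ignore Status Code entry matches an Event by type name.
    if event_type in ignore_status_codes:
        return False
    return event_type not in SUPPRESSED[effective]


def logged_events(events: list[dict], policy: str, engine_mode: str,
                  ignore_status_codes: tuple[str, ...] = ()) -> list[str]:
    """Filter a batch of Events and return the names of those that survive."""
    return [e["name"] for e in events
            if is_logged(e["type"], policy, engine_mode, ignore_status_codes)]


# Constructed sample Events for illustration; not real agent output.
SAMPLE_EVENTS = [
    {"name": "E1", "type": "rule_match"},
    {"name": "E2", "type": "dropped_retransmit"},
    {"name": "E3", "type": "unsolicited_udp"},
    {"name": "E4", "type": "max_ack_retransmit"},
    {"name": "E5", "type": "fragmentation"},
]

if __name__ == "__main__":
    for policy, mode in [("default", "inline"), ("default", "tap"),
                         ("stateful_normalization", "inline"), ("bypass", "inline")]:
        print(f"{policy:24s} {mode:6s} -> {logged_events(SAMPLE_EVENTS, policy, mode)}")
```

The point to take from running it: with Default on an Inline engine only dropped retransmits vanish, but the same Default setting on a Tap engine also hides out-of-connection and closed-connection Events, and a suppression policy can hide unsolicited UDP and ICMP that an analyst might be relying on. Check the effective policy, not just the configured one, when an expected Event is missing.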